[PATCH] Xi: don't copy a DeviceEvent into an InternalEvent
Keith Packard
keithp at keithp.com
Wed Apr 30 10:09:09 PDT 2014
Peter Hutterer <peter.hutterer at who-t.net> writes:
> ==26141== Invalid read of size 8
> ==26141== at 0x58FAEA: DeliverEmulatedMotionEvent (exevents.c:1484)
>
> An InternalEvent is bigger than a DeviceEvent, thus copying one to the other
> reads past the allocated boundary. Shouldn't have any real effect since we
> shouldn't access anything past the DeviceEvent boundary if the event type is
> correct.
How does a DeviceEvent end up getting passed to this function? Is there
a cast up the stack somewhere? If DeliverEmulatedMotionEvent actually
takes a DeviceEvent cast to an InternalEvent, perhaps the problem is
with the signature of DeliverEmulatedMotionEvent?
--
keith.packard at intel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 810 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-devel/attachments/20140430/ef549f38/attachment.sig>
More information about the xorg-devel
mailing list